Merge branch 'kerberos'

saltstack · Jul 10, 2015 · fa27f38 · fa27f38
2 parents 0a30899 + 579df8e
commit fa27f38
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/pepper/cli.py b/pepper/cli.py
@@ -185,6 +185,9 @@ def get_login_details(self):
         if self.options.saltapiurl:
             results['SALTAPI_URL'] = self.options.saltapiurl
 
+        if results['SALTAPI_EAUTH'] == 'kerberos':
+            results['SALTAPI_PASS'] = None
+
         if self.options.eauth:
             results['SALTAPI_EAUTH'] = self.options.eauth
             if self.options.username is None:

diff --git a/pepper/libpepper.py b/pepper/libpepper.py
@@ -76,6 +76,9 @@ def req(self, path, data=None):
         :rtype: dictionary
 
         '''
+        if (hasattr(data, 'get') and data.get('eauth') == 'kerberos') or self.auth.get('eauth') == 'kerberos':
+            return self.req_requests(path, data)
+
         headers = {
             'Accept': 'application/json',
             'Content-Type': 'application/json',
@@ -129,6 +132,45 @@ def req(self, path, data=None):
 
         return ret
 
+    def req_requests(self, path, data=None):
+        '''
+        A thin wrapper around request and request_kerberos to send
+        requests and return the response
+
+        If the current instance contains an authentication token it will be
+        attached to the request as a custom header.
+
+        :rtype: dictionary
+
+        '''
+        import requests
+        from requests_kerberos import HTTPKerberosAuth, OPTIONAL
+        auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL)
+        headers = {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json',
+            'X-Requested-With': 'XMLHttpRequest',
+        }
+        if self.auth and 'token' in self.auth and self.auth['token']:
+            headers.setdefault('X-Auth-Token', self.auth['token'])
+        # TODO make an option
+        self._ssl_verify = False
+        params = {'url': self.api_url + path,
+                  'headers': headers,
+                  'verify': self._ssl_verify,
+                  'auth': auth,
+                  'data': json.dumps(data),
+                  }
+        logger.debug('postdata {0}'.format(params))
+        resp = requests.post(**params)
+        if resp.status_code == 401:
+            # TODO should be resp.raise_from_status
+            raise PepperException('Authentication denied')
+        if resp.status_code == 500:
+            # TODO should be resp.raise_from_status
+            raise PepperException('Server error.')
+        return resp.json()
+
     def low(self, lowstate, path='/'):
         '''
         Execute a command through salt-api and return the response